Exploring the Security Issues of Ethereum Smart Contracts

The Bitcoin blockchain allows people to transfer bitcoins around the world without a central authority or bank. Ethereum goes beyond the simple value transfer of Bitcoin: it enables the development and deployment of decentralized applications on a distributed public ledger network.

Although there are similarities between the two, the most notable differences lie in the network’s capability and its purpose.

On Ethereum, miners don’t mine for coins; they earn them. Ether is a digital currency used by app developers to perform transactions and pay for services and fees. Furthermore, developers are allowed to program their own smart contracts. The term “smart contract” describes computer code on the Ethereum network that streamlines the exchange of content, property, money, shares, or any other type of asset that provides value. It can be thought of as a regular legal contract, except that the computer code behind it ensures that its terms are followed at all times without the need for a third party (like a court).

Fully autonomous, Ethereum operates following its very own coding language, internet browser, and payment system. Its core benefit is that users can create their own decentralized applications, meaning no single person or entity has ownership rights to the app once it has been created. Regardless of the benefits, the Ethereum network is not entirely secure. In fact, most smart contract security issues are linked to improperly written code.

Ethereum Smart Contract Security Issues

The architecture behind Solidity, the programming language in which Ethereum smart contracts are written, demands that developers have an innovative engineering mindset. To mitigate security vulnerabilities and understand the way secure smart contracts are developed, non-security experts must first get to know the process. Considering that smart contracts on the Ethereum Mainnet are public, immutable, and distributed, they’re predisposed to vulnerabilities that usually come from basic coding mistakes. Imagine needing to write a perfect legal contract on the very first draft, with no previous contracts to refer to for guidelines, while ensuring that all clauses throughout history are considered.

Smart contracts are self-enforcing, self-executing virtual agreements that leverage data to drive transactions. Two of their main benefits are accuracy and transparency. Thanks to Blockchain technology, they record terms and conditions in detail and they’re fully accessible to all parties involved.

Also, smart contracts are live on the web; they run on software and can’t be turned off. Transactions execute quickly, meaning you can leverage them to speed up traditional business processes. Industries such as healthcare, banking, real estate and insurance have a lot to gain from adopting smart contracts because they rely on a system of crystal-clear rules and regulations.

In spite of the benefits associated with the use of smart contracts on Ethereum, there have been notable concerns mostly related to coding mistakes.

Even though smart contracts are meant to simplify operations, their code is complex. Contracts are written by human beings, and even minor errors can lead to serious security breaches. The perfect example is The DAO hack, which merely exploited a vulnerability in the code, triggering a hack of $31 million in Ethereum – one of the bigger hacks in cryptocurrency history at the time.

Smart Contract code can be challenging to assess, and it could take weeks, months, and sometimes years to spot security flaws. As smart contracts increase in popularity and capabilities, there is a growing need for added protocol layers of distributed consensus to make sure the data is valid before being immutably posted onto the Blockchain.

The evolution of the Ethereum contract system enables transactions to be executed automatically without involving third parties or middlemen. Without a proper system of recourse, rectification or contestation of an attack, bots may easily attest or affirm misinformation. Invalid real world inputs for a smart contract are a main flaw of Smart Contract and Blockchain-based systems.

For smart contracts on Ethereum to be considered trustworthy, some type of insurance is needed to deal with nefarious blockchain inputs and misinformation; and at the same time guarantee that settlement happens only when inputs are valid. iCash aims to achieve this exact goal: to solve security concerns on Ethereum by leveraging the Proof of Trust protocol. The core objective of the PoT protocol is to build software, create incentives, and apply safeguards that permit commerce in a completely decentralized environment.

There are three core pillars of iCash:

Trust & full transparency

The PoT protocol will first be implemented and executed on the iCash dApp. Its main objective will be to create software, incentives and safeguards that enable decentralized commerce. The PoT protocol will be applied on top of the blockchain layer and it will be used as a filter leveraging reputational algorithms of different inputs for establishing trust through distributed validation.

The Proof of Trust protocol takes place between a range of accountable participants, also known as Delegates, with proven legitimacy for executing smart contracts. To ensure Delegates’ accountability and guarantee individual identity, a KYC process is agreed upon on the distributed network. Even though the PoT is not entirely anonymous, it can be trusted without sacrificing technical efficiency. Unless proven otherwise, Delegates are believed to have value before being added to the PoT network.

All Delegates are provided with a 100% trust rating upon being added onto the PoT network. Fluctuations may only occur when disputes emerge. A high rating can only be maintained if Delegates provide correct data; otherwise, their trust rating starts declining.
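
The reputation-weighted filtering described above can be sketched as follows. This is an added example, not iCash or PoT code: the quorum, penalty, minimum-report values and the rule that dissenting Delegates lose trust after a settled outcome are assumptions made for illustration.

```python
# Added illustration; not iCash code. QUORUM, PENALTY and MIN_REPORTS are assumed.
from collections import defaultdict

QUORUM = 2 / 3    # assumed: trust-weighted share an outcome needs to settle
PENALTY = 0.25    # assumed: fraction of trust lost for a contradicted report
MIN_REPORTS = 3   # assumed: minimum number of registered Delegates reporting


class TrustRegistry:
    def __init__(self, delegates):
        # Every Delegate starts with a 100% trust rating, as the article states.
        self.trust = {d: 1.0 for d in delegates}

    def determine(self, reports):
        """reports maps delegate -> outcome. Returns the settled outcome or None."""
        # Inputs from anyone who is not a registered (KYC'd) Delegate are ignored.
        valid = {d: o for d, o in reports.items() if d in self.trust}
        if len(valid) < MIN_REPORTS:
            return None
        weight = defaultdict(float)
        for delegate, outcome in valid.items():
            weight[outcome] += self.trust[delegate]
        total = sum(weight.values())
        if total == 0:
            return None
        winner, top = max(weight.items(), key=lambda kv: kv[1])
        if top / total < QUORUM:
            return None  # disputed input: no settlement, ratings untouched
        # Delegates whose report contradicts the settled outcome lose trust,
        # so their later reports carry less weight.
        for delegate, outcome in valid.items():
            if outcome != winner:
                self.trust[delegate] *= 1 - PENALTY
        return winner


def demo():
    # Constructed sample reports for three events.
    reg = TrustRegistry(["A", "B", "C", "D"])
    first = reg.determine({"A": "home", "B": "home", "C": "home", "D": "away"})
    split = reg.determine({"A": "home", "B": "home", "C": "away", "D": "away"})
    spoof = reg.determine({"A": "home", "X": "away", "Y": "away", "Z": "away"})
    return first, split, spoof, reg.trust["D"]
```

In the constructed run, the first event settles, the evenly split event and the event flooded by unregistered reporters do not, and Delegate D ends with a reduced rating.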

Speed & scalability

Although iCash tokens will be initially launched on Ethereum and will be ERC-20 compliant, future transactions won’t be restricted to a single blockchain. The team behind the iCash platform is planning to develop a full-blown iCash ecosystem to streamline transactions and allow them to propagate on all blockchains, including NEO, EOS, Cardano, and Ethereum.

The token development process was created on Ethereum’s Virtual Machine and was written in a programming language meant for writing smart contracts named Solidity. iCash exponentially increases the speed and scalability potential of Token execution through off-chain and on-chain Smart Contracts, as well as a multi-blockchain approach, currently centered on Ethereum, EOS, and NEO. In terms of plans for the future, iCash aims to apply its PoT protocol on all major trusted blockchains.

Unique Utility

The iCash dApps are meant to enable users from all around the world to pose social challenges by staking their tokens against the odds they see fit for any verifiable live event. After a user proposes a challenge, and another accepts it, an Ethereum smart contract is issued through the dApp.

For receiving determination inputs, a wide yet finite array of sources will be made available on iCash. As Delegates start off as trusted partners, they’ll have to maintain their 100% trust score by running individual queries. The platform is currently expanding relationships with various sports networks that provide updated sports news in the industry. These inputs will be used to supply Smart Contract determination and establish PoT for live sports events. iCash strongly believes in a future collaboration with other industry leaders like CBS-Sport.Net and ESPN to join the project as Delegates and input determinations.

Upon the successful completion of the iCash STO, the team plans to launch a utility product for immediate use of the iCash token.